With the advent of the Surface Pro X, there is becoming a push for more 2-in-1 devices to work on ARM technology (as is found in most cell phones and tablets) to run full Windows OS's. However, there is no support for Endpoint Protection (Cloud or On-Prem) for these types of devices. I would like to see an Endpoint Protection package (Anti-virus, firewall, application control, etc.) that will support ARM processors.

Allow us to block Google Quic protocol on Endpoint level since we can do it from the Firewall. This would allow us to block it from the agent instead of having to manually disable it on Chrome or setup a Windows Firewall rule to block 443 or 80 on UDP.

Having now IPS on Endpoint, means that behind an XG FW with its own IPS activated there's a certain overlap (double check) of certain IPS patterns.
Proposal: use the heartbeat (synch security) to check whether or not the endpoint is sitting behind an XG FW with IPS enabled. If so, the endpoint doesn't have to check them again and can save some resources.

Almost all central or cloud consoles for competing AV products have the ability to remotely remove/uninstall agents from a workstation. There are command line functions that can be used directly from a workstation to do this and you can reinstall the product if already partially installed, so it would seem like a VERY simple change to implement an uninstall function.

On Sophos Central, just like on the server protection which Sophos agent able to see what applications are installed on the servers. On the endpoints should also has this inventory of application features. This will help to see what applications are suspicious and looking for unpatch applications.

I would like some functionality added to Sophos Central to accommodate for the need to exempt a specific application on a single server without creating the need for an endless and complicated web of policies as additional application exemption needs are identified.

An example:

The company has all servers "enrolled" in the Default Application Control policy. Server A requires all of the same rules as the Default policy but needs PuTTY allowed. No other servers can have PuTTY installed per a strict security policy. To accommodate this need, we, at present, must create Default Application Controls policy clone (w/PuTTY allowed).

After that first application exemption need was identified and accommodated, we now have two policies that are nearly identical, the Default policy and the Default policy clone w/PuTTY exemption.

A new application is identified as requiring exemption on all servers. To accommodate this, we need to modify the Default policy AND the Default policy clone w/Putty exemption. Fine, so we modify the two policies and move on.

A new application, Ruby Installer, for instance, is identified that is required to be exempted on Server B, but not on Server A where PuTTY is exempted, so a third policy must now be created.

Another application is identified that all servers need allowed, so we have to update all three policies.

Over time, this list is expected to grow in complexity that appears exponential.

Perhaps I am missing something somewhere, but it appears as though there is no nice accommodation for one-off exemptions like this in the Application Control policy. If possible, I would like to suggest the addition of the ability to add an exemption that is assigned to a machine that overrides the Application Control policy to which it subscribes in Sophos Central.

I would like some functionality added to Sophos Central to accommodate for the need to exempt a specific application on a single server without creating the need for an endless and complicated web of policies as additional application exemption needs are identified.

An example:

The company has all servers "enrolled" in the Default Application Control policy. Server A requires all of the same rules as the Default policy but needs PuTTY allowed. No other servers can have PuTTY installed per a strict security policy. To accommodate this need, we, at present, must create Default Application Controls policy clone (w/PuTTY allowed).

Disney plus is indeed an epitome of entertainment and enjoyment. Then maybe you've got that covered as Disney launch plus free trial. But the emergence of the corona virus and the limitations imposed in the aftermath have made people crazy! - https://sites.google.com/view/activate-disney-plus-roku/home

I put a few machines in the test group to test the newest version but, want to go back to the version we are using in our environment. Apparently, this is not supported. I need to test before deploying. Please enable the rollback option. Even if it does require that we have to uninstall/reinstall.

Could we have the ability back to apply web control policy by device instead of only by user? This was a feature in our previous version, and we use it to add protection for laptops. Some laptop users also use other devices so we don't want to apply policy by user, and some laptops are shared so we don't want it to be unprotected if someone else logs in. We prefer to avoid doubling up on protection for devices behind company firewalls.

icon-data-protectionicon-endpoint-protectionicon-phish-threaticon-sophos-centralicon-sophos-centralicon-sophos-centralicon-sophos-centralicon-sophos-centralicon-sophos-centralicon-sophos-centralicon-sophos-mobileicon-sophos-utmicon-sophos-utmicon-sophos-utmicon-web-applianceicon-xg-firewallicon-xg-firewallicon-avid-secureicon-lightbulbCreated with Sketch.

Your password has been reset

We have made changes to increase our security and have reset your password.

We've just sent you an email to .
Click the link to create a password, then come back here and sign in.